From 311c88641e3b4be067ed6575369b401288e8984c Mon Sep 17 00:00:00 2001
From: Paul Cristian Sarbu <paul.cristian.sarbu@huawei.com>
Date: Mon, 13 Jan 2025 13:14:07 +0100
Subject: just-mr setup: Fix ensuring 'subdir' only accepts non-upwards paths

...which implicitly also enforces non-absolute.

This ensures that there is no access outside the root directory of
a Git checkout or the temporary unpack directory of an archive.
---
 src/other_tools/repo_map/repos_to_setup_map.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/other_tools/repo_map')

diff --git a/src/other_tools/repo_map/repos_to_setup_map.cpp b/src/other_tools/repo_map/repos_to_setup_map.cpp
index 27c39a77..383f763d 100644
--- a/src/other_tools/repo_map/repos_to_setup_map.cpp
+++ b/src/other_tools/repo_map/repos_to_setup_map.cpp
@@ -112,9 +112,9 @@ void GitCheckout(ExpressionPtr const& repo_desc,
                                             ? repo_desc_subdir->String()
                                             : "")
                       .lexically_normal();
-    if (subdir.is_absolute()) {
+    if (not PathIsNonUpwards(subdir)) {
         (*logger)(fmt::format("GitCheckout: Expected field \"subdir\" to be a "
-                              "relative path, but found {}",
+                              "non-upwards path, but found {}",
                               subdir.string()),
                   /*fatal=*/true);
         return;
-- 
cgit v1.2.3